Jun 8, 2015
SSL verification when adding new nodes is still a horrible procedure. The following shows the correct steps for adding a new node:
On the Chef workstation, add the node via its IP address rather than its hostname:
$ knife bootstrap 172.16.0.12 -x username_on_12 -P password_on_12 --sudo
The example knife.rb file should look like the following:
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "nodename"
client_key "#{current_dir}/node.pem"
validation_client_name "nodename"
validation_key "#{current_dir}/node_org.pem"
chef_server_url "https://tmpChefServer/organizations/nodename"
syntax_check_cache_path "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path ["#{current_dir}/../cookbooks"]
On the Chef client, first fetch the SSL certificate, then manually pass the verification:
$ knife ssl fetch --config /etc/chef/client.rb
$ chef-client -l debug -S https://ChefServer/organizations/xxxxx -K /xxx/xxx/xxxxx.pem
On the Chef Server, bootstrap again with the same command; now it works.
Jun 8, 2015
The following records the steps for setting up my Open vSwitch environment and configuring VXLAN on it.
Preparation
I use two VMs for this experiment and created a new virtual network, 10.94.94.0/24; both VMs are attached to this network.
VM1 and VM2 both have 1 GB of memory and 1 core.
VM1: 10.94.94.11, VM2: 10.94.94.12.
$ sudo apt-get update && sudo apt-get -y upgrade
$ sudo apt-get install build-essential
$ sudo reboot
$ uname -a
Linux OpenVSwitchVM1 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Generate DEB
The following steps install the dependencies, fetch the source code, build it and generate the packages. Note that we use version 2.3.0 of openvswitch.
$ sudo apt-get install -y build-essential fakeroot debhelper \
autoconf automake bzip2 libssl-dev \
openssl graphviz python-all procps \
python-qt4 python-zopeinterface \
python-twisted-conch libtool
$ wget http://openvswitch.org/releases/openvswitch-2.3.0.tar.gz
$ tar xzvf openvswitch-2.3.0.tar.gz
$ cd openvswitch-2.3.0
$ DEB_BUILD_OPTIONS='parallel=8 nocheck' fakeroot debian/rules binary
$ cd ..
$ ls -al *.deb
openvswitch-common_2.3.0-1_amd64.deb openvswitch-ipsec_2.3.0-1_amd64.deb openvswitch-vtep_2.3.0-1_amd64.deb
openvswitch-datapath-dkms_2.3.0-1_all.deb openvswitch-pki_2.3.0-1_all.deb python-openvswitch_2.3.0-1_all.deb
openvswitch-datapath-source_2.3.0-1_all.deb openvswitch-switch_2.3.0-1_amd64.deb
openvswitch-dbg_2.3.0-1_amd64.deb openvswitch-test_2.3.0-1_all.deb
Also copy all of the deb files to the other machine.
Installation
On both machines, run the following steps to install:
$ sudo apt-get install -y bridge-utils
$ sudo dpkg -i openvswitch-common_2.3.0-1_amd64.deb \
openvswitch-switch_2.3.0-1_amd64.deb
VM Networking Configuration
For VM1:
root@OpenVSwitchVM1:~# ovs-vsctl add-br br0
root@OpenVSwitchVM1:~# ovs-vsctl add-br br1
# ovs-vsctl add-port br0 eth0
# ifconfig eth0 0 up
# ifconfig br0 10.94.94.11
# route add default gw 10.94.94.1 br0
# ifconfig br1 172.10.0.1
For VM2:
# ovs-vsctl add-br br0
# ovs-vsctl add-br br1
# ovs-vsctl add-port br0 eth0
# ifconfig eth0 0 up && ifconfig br0 10.94.94.12
# route add default gw 10.94.94.1
# ifconfig br1 172.10.1.1
Ping each other; we can see that br1 does not work yet.
VXLAN Setup
On VM1, run the following to set up vx1:
root@OpenVSwitchVM1:~# ovs-vsctl add-port br1 vx1 -- set interface vx1 type=vxlan options:remote_ip=10.94.94.12
root@OpenVSwitchVM1:~# ovs-vsctl show
a1e9afb6-345a-4f79-8e0b-131cd43cfb67
    Bridge "br0"
        Port "eth0"
            Interface "eth0"
        Port "br0"
            Interface "br0"
                type: internal
    Bridge "br1"
        Port "br1"
            Interface "br1"
                type: internal
        Port "vx1"
            Interface "vx1"
                type: vxlan
                options: {remote_ip="10.94.94.12"}
    ovs_version: "2.3.0"
On VM2, run the following to set up vx1:
root@OpenVSwitchVM2:~# ovs-vsctl add-port br1 vx1 -- set interface vx1 type=vxlan options:remote_ip=10.94.94.11
root@OpenVSwitchVM2:~# ovs-vsctl show
bce3f2b5-9b77-41dc-8130-b8922dd7ac9e
    Bridge "br1"
        Port "vx1"
            Interface "vx1"
                type: vxlan
                options: {remote_ip="10.94.94.11"}
        Port "br1"
            Interface "br1"
                type: internal
    Bridge "br0"
        Port "br0"
            Interface "br0"
                type: internal
        Port "eth0"
            Interface "eth0"
    ovs_version: "2.3.0"
Now the two VMs can ping each other via their br1 addresses.
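A check that fits this step, as an added example rather than code from the original post: VXLAN carries no authentication or encryption of its own, so the remote_ip of each tunnel port is worth auditing against the peers you expect. The function names and the allowlist argument are assumptions, and the sample is constructed from the VM1 listing above.

```shell
#!/bin/sh
# Added example (not from the original post): audit VXLAN tunnel endpoints
# in `ovs-vsctl show` output. Function names are hypothetical.

# Constructed sample, modelled on the VM1 output above.
sample_show() {
    cat <<'EOF'
a1e9afb6-345a-4f79-8e0b-131cd43cfb67
    Bridge "br0"
        Port "eth0"
            Interface "eth0"
    Bridge "br1"
        Port "br1"
            Interface "br1"
                type: internal
        Port "vx1"
            Interface "vx1"
                type: vxlan
                options: {remote_ip="10.94.94.12"}
    ovs_version: "2.3.0"
EOF
}

# Print "bridge interface remote_ip" for each vxlan interface on stdin.
vxlan_peers() {
    awk '
        $1 == "Bridge"    { bridge = $2; gsub(/"/, "", bridge) }
        $1 == "Interface" { iface = $2; gsub(/"/, "", iface); type = "" }
        $1 == "type:"     { type = $2 }
        $1 == "options:" && type == "vxlan" && match($0, /remote_ip="[^"]*"/) {
            print bridge, iface, substr($0, RSTART + 11, RLENGTH - 12)
        }
    '
}

# List tunnels whose peer is not in the space-separated allowlist $1.
unexpected_peers() {
    allowed=" $1 "
    vxlan_peers | while read -r bridge iface ip; do
        case "$allowed" in
            *" $ip "*) ;;
            *) echo "$bridge/$iface -> $ip" ;;
        esac
    done
}

# On a live host: ovs-vsctl show | unexpected_peers "10.94.94.12"
sample_show | unexpected_peers "10.94.94.12"    # prints nothing: peer is expected
```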
Mirror Port
Do the following to set up the mirror port:
# modprobe dummy
# ip link set up dummy0
root@OpenVSwitchVM1:~# ovs-vsctl add-port br1 dummy0
root@OpenVSwitchVM1:~# ovs-vsctl --id=@m create mirror name=mirror0 -- add bridge br1 mirrors @m
33931f5a-008f-44cf-abc6-38afb3062b5e
root@OpenVSwitchVM1:~# ovs-vsctl list port dummy0
_uuid : 5f5fe675-b1ee-4acd-a0ab-f14e952d1603
bond_downdelay : 0
bond_fake_iface : false
bond_mode : []
bond_updelay : 0
external_ids : {}
fake_bridge : false
interfaces : [a6fbabe9-790d-4be8-a362-b7cbdd46db89]
lacp : []
mac : []
name : "dummy0"
other_config : {}
qos : []
statistics : {}
status : {}
tag : []
trunks : []
vlan_mode : []
Jun 7, 2015
When adding existing qcow2 files to a new machine, the following steps need to be done to enable the new networking configuration:
Change udev rules
Change eth1 to eth0, and disable the previously defined eth0:
[root@CentOSVM1 ~]# cat /etc/udev/rules.d/70-persistent-net.rules
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.
# PCI device 0x1af4:0x1000 (virtio-pci)
#SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:23:14:96", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
# PCI device 0x1af4:0x1000 (virtio-pci)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:bc:c6:f5", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
Change the ethernet configuration
Hostname
The hostname and the gateway can be modified in:
# cat /etc/sysconfig/network
NETWORKING=yes
+ HOSTNAME=CentOSVM1
+ GATEWAY=172.16.0.1
Change the IP configuration of the eth0
[root@CentOSVM1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
UUID=9d92e12c-54a3-404a-bd1c-ae033e8e968c
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
+ IPADDR=172.16.0.20
PREFIX=24
GATEWAY=172.16.0.1
DNS1=114.114.114.114
DNS2=180.76.76.76
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
#HWADDR=52:54:00:23:14:96
+ HWADDR=52:54:00:BC:C6:F5
Now you can customize the network configuration of CentOS while using the same qcow2 disk file.
Jun 3, 2015
- You should install the berkshelf gem with each of the following:
$ gem install berkshelf
$ /opt/chef/embedded/bin/gem install berkshelf
$ /opt/vagrant/embedded/bin/gem install berkshelf
- Be sure to add the following to your PATH:
$ echo $PATH
/opt/chefdk/bin:/home/kkk/.rvm/gems/ruby-2.2.1/bin:/home/kkk/.rvm/gems/ruby-2.2.1@global/bin:/home/kkk/.rvm/rubies/ruby-2.2.1/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/home/kkk/.rvm/bin:/home/kkk/.rvm/bin:/home/kkk/.rvm/bin
Now you can continue with vagrant up or other steps.
Jun 2, 2015
Error
Could not add new nodes.
Reason
This is because ChefDK still has the old version of chef-client:
[dash@~/chef-repo]$ chef --version
Chef Development Kit Version: 0.6.0
chef-client version: ERROR
berks version: ERROR
kitchen version: 1.4.0
Solution
On the node, manually pass verification with the following commands:
$ knife ssl fetch --config /etc/chef/client.rb
$ chef-client -l debug -S https://ChefServer/organizations/xxxxx -K /xxx/xxx/xxxxx.pem
Now bootstrap again, and you will see that the node can be added to the Chef Server.